Without limitation to plant facilities, a control system utilizing computers is being widely used in various fields such as automobiles and household appliances. Furthermore, pursuant to the advancement of IT, control systems are now able to input/output information via a network. Meanwhile, in line with this, unauthorized access to control systems through malwares and DoS attacks are increasing. Thus, various technologies are being proposed for protecting control systems from unauthorized access.
It is difficult to check, one by one, the huge amounts of communication logs sent to the control system, and detect unauthorized access. Thus, PTL 1 discloses a technology of preparing a plurality of templates to process the communication logs, and reducing the amount of communication logs to be confirmed for preventing unauthorized access based on with which template the communication log had matched.